[VIM] source verify of "Ban v0.1" SQL injection
Steven M. Christey
coley at mitre.org
Tue Nov 14 19:09:50 EST 2006
Researcher: Francesco Laurita
Reference: Re: Ban v0.1 (bannieres.php) File Include
Source inspection by a senior CVE analyst says:
The code has
$res=mysql_query("SELECT * FROM bannieres WHERE id='$id'");
mysql_query("UPDATE bannieres SET affichage = affichage + 1 WHERE id='$id'");.
Also, based on the download, the product name used by the researcher
does not match the name shown within the product. Files in the
download say "SCRIPT BANNIERES ... Jean-Christophe Ramos." However, a
search on ComScripts.com associates the script with the name
"ban0.1.", probably based on the name of the ZIP file.
More information about the VIM